Title: [278845] branches/safari-611-branch/Source/WebKit
- Revision: 278845
- Author: repst...@apple.com
- Date: 2021-06-14 12:20:10 -0700 (Mon, 14 Jun 2021)
Log Message
Apply patch. rdar://problem/77619702
Modified Paths
Diff
Modified: branches/safari-611-branch/Source/WebKit/ChangeLog (278844 => 278845)
--- branches/safari-611-branch/Source/WebKit/ChangeLog 2021-06-14 18:44:12 UTC (rev 278844)
+++ branches/safari-611-branch/Source/WebKit/ChangeLog 2021-06-14 19:20:10 UTC (rev 278845)
@@ -1,3 +1,26 @@
+2021-06-14 Russell Epstein <repst...@apple.com>
+
+ Apply patch. rdar://problem/77619702
+
+ 2021-06-14 Chris Dumez <cdu...@apple.com>
+
+ Crash under IPC::Connection::dispatchMessageToWorkQueueReceiver()
+ <rdar://77576143>
+
+ Reviewed by Alex Christensen.
+
+ When r274565 was merged to the safari-611-branch branch, its `ASSERT(connection.m_incomingMessagesMutex.isHeld())`
+ did not hold there. Unlike trunk, the call-site (Connection::processIncomingMessage(std::unique_ptr<Decoder>)) does
+ not hold the m_incomingMessagesMutex lock on the safari-611-branch branch. This leads to crashes due to lack of
+ synchronization when accessing / modifying the m_incomingMessages Dequeue on the main thread and IPC thread in
+ parallel. To address the issue on the safari-611-branch branch, we now grab the m_incomingMessagesMutex lock before
+ modifying the m_incomingMessages Dequeue in Connection::SyncMessageState::processIncomingMessage().
+
+ No new tests, existing tests were crashing in debug already.
+
+ * Platform/IPC/Connection.cpp:
+ (IPC::Connection::SyncMessageState::processIncomingMessage):
+
2021-05-25 Alan Coon <alanc...@apple.com>
Cherry-pick r277881. rdar://problem/78467158
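Review bot: The "No new tests, existing tests were crashing in debug already" line in the new entry does not name the tests that were crashing, so nobody on the branch can confirm the fix from this entry alone. Please list at least one of the affected tests, or the debug assertion they hit, next to that sentence. The entry also describes only the one call-site, Connection::processIncomingMessage(std::unique_ptr<Decoder>), as not holding m_incomingMessagesMutex; it would help to state whether that is the only caller of SyncMessageState::processIncomingMessage() on this branch.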
Modified: branches/safari-611-branch/Source/WebKit/Platform/IPC/Connection.cpp (278844 => 278845)
--- branches/safari-611-branch/Source/WebKit/Platform/IPC/Connection.cpp 2021-06-14 18:44:12 UTC (rev 278844)
+++ branches/safari-611-branch/Source/WebKit/Platform/IPC/Connection.cpp 2021-06-14 19:20:10 UTC (rev 278845)
@@ -147,7 +147,7 @@
{
auto locker = holdLock(m_mutex);
shouldDispatch = m_didScheduleDispatchMessagesWorkSet.add(&connection).isNewEntry;
- ASSERT(connection.m_incomingMessagesMutex.isHeld());
+ auto incomingMessagesLocker = holdLock(connection.m_incomingMessagesMutex);
if (message->shouldMaintainOrderingWithAsyncMessages()) {
// This sync message should maintain ordering with async messages so we need to process the pending async messages first.
while (!connection.m_incomingMessages.isEmpty())
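Review bot: The added `holdLock(connection.m_incomingMessagesMutex)` is acquired while `m_mutex` is still held by `locker` two lines above, so this path now fixes a lock order of m_mutex first, then m_incomingMessagesMutex. Please add a comment at that line recording the order, and confirm that no other path on this branch takes the two locks in the reverse order. The removed `ASSERT(connection.m_incomingMessagesMutex.isHeld())` was the only check of the caller's locking state, and unconditional acquisition would block forever if any caller does enter with the mutex held and the lock is not recursive. The locker also lives until the end of the enclosing block, which is not visible in this hunk, so it is worth checking that nothing later in that scope dispatches or calls out while both locks are held.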
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes